"established" on { tcp or udp } rules
Freddie Cash
fjwcash at gmail.com
Wed Mar 19 13:56:47 PDT 2008
On March 19, 2008 01:47 pm you wrote:
> Freddie Cash wrote:
> > Just curious if the following rule will work correctly. It is
> > accepted by the ipfw command. In the process of working out a test
> > for it, but thought I'd ask here as well, just to be sure.
> >
> > ipfw add { tcp or udp } from me to any 53 out xmit fxp0
> > ipfw add { tcp or udp } from any 53 to me in recv fxp0 established
> >
> > Will the UDP packets go through correctly, even though "established"
> > has no meaning for UDP streams, and the ipfw command will barf if you
> > use it with just "ipfw add udp" rules?
>
> well, an action to do would be good..
D'oh, typo in the e-mail. The rules are allow:
ipfw add allow { tcp or udp } from me to any 53 out xmit fxp0
ipfw add allow { tcp or udp } from any 53 to me in recv fxp0 established
> as for the question of whether UDP ... established evaluates to true
> or false, I would guess false but you'll have to test.
See my follow-up e-mail. It appears that UDP packets don't match due to
the established keyword.
It appears that:
ipfw add allow tcp from any to me in recv fxp0 established
and
ipfw add allow { tcp or udp } from any to me in recv fxp0 established
are functionally the same. Perhaps a warning should be emitted when one
tries to add the rule?
Hrm, it seems something is different with ipfw on 6.3. One can add:
ipfw add allow udp from any to any established
without any errors or warnings, but it will never match any packets. I'm
sure back in the 4.x days when I started using ipfw that it would error
out with something along the lines of "TCP options can't be used with UDP
rules".
--
Freddie Cash
fjwcash at gmail.com
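As an added illustration (my own code, not anything from this thread or from ipfw itself): a small Python model of ipfw's first-match evaluation, written to show why a `{ tcp or udp } ... established` rule never passes a UDP DNS reply, and what a corrected, stateful pair of rules does instead. It assumes, following ipfw(8), that `established` matches only TCP packets with the RST or ACK flag set, so a UDP packet fails that option no matter what the protocol clause says. `keep-state` and `check-state` are modelled loosely as a set of 5-tuples; the packets, addresses and ports are constructed sample data.

```python
# Added example: a toy model of ipfw rule matching, NOT ipfw's own code.
# Assumption (per ipfw(8)): "established" == TCP packet with RST or ACK
# set; a UDP packet can therefore never satisfy it.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Packet:
    proto: str                  # "tcp" or "udp"
    src: str                    # constructed address, e.g. "me" or "198.51.100.10"
    sport: int
    dst: str
    dport: int
    direction: str              # "in" or "out"
    flags: frozenset = frozenset()   # TCP flags, e.g. frozenset({"ACK"})

@dataclass
class Rule:
    action: str                 # "allow", "deny" or "check-state"
    protos: frozenset           # {"tcp"}, {"udp"} or {"tcp", "udp"}
    src: str = "any"
    sport: Optional[int] = None
    dst: str = "any"
    dport: Optional[int] = None
    direction: Optional[str] = None
    established: bool = False
    keep_state: bool = False
    check_state: bool = False

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto not in self.protos:
            return False
        for want, have in ((self.src, pkt.src), (self.dst, pkt.dst)):
            if want != "any" and want != have:
                return False
        if self.sport is not None and self.sport != pkt.sport:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.direction is not None and self.direction != pkt.direction:
            return False
        if self.established:
            # The crux of the thread: only TCP carries flags, so "udp ...
            # established" silently matches nothing.
            if pkt.proto != "tcp" or not (pkt.flags & {"ACK", "RST"}):
                return False
        return True

class Firewall:
    """First-match evaluation with a loose keep-state/check-state model."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.state = set()      # dynamic entries, keyed on the 5-tuple

    @staticmethod
    def _key(pkt: Packet):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse_key(pkt: Packet):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def verdict(self, pkt: Packet) -> Tuple[int, str]:
        """Return (rule number, action); rule 0 is the implicit default deny."""
        for num, rule in enumerate(self.rules, start=1):
            if rule.check_state:
                # Reply (or forward) packet of a session we created ourselves.
                if self._key(pkt) in self.state or self._reverse_key(pkt) in self.state:
                    return num, "allow"
                continue
            if rule.matches(pkt):
                if rule.keep_state:
                    self.state.add(self._key(pkt))
                return num, rule.action
        return 0, "deny"

BOTH = frozenset({"tcp", "udp"})
TCP_ONLY = frozenset({"tcp"})

# The ruleset as posted in the thread (xmit/recv fxp0 folded into direction).
THREAD_RULES = [
    Rule("allow", BOTH, src="me", dport=53, direction="out"),
    Rule("allow", BOTH, sport=53, dst="me", direction="in", established=True),
]

# Corrected ruleset: state for the outbound query lets the matching reply
# back in (UDP or TCP), and "established" is kept on a tcp-only rule.
FIXED_RULES = [
    Rule("check-state", BOTH, check_state=True),
    Rule("allow", BOTH, src="me", dport=53, direction="out", keep_state=True),
    Rule("allow", TCP_ONLY, sport=53, dst="me", direction="in", established=True),
]

# Constructed sample traffic.
QUERY_UDP = Packet("udp", "me", 40000, "198.51.100.10", 53, "out")
REPLY_UDP = Packet("udp", "198.51.100.10", 53, "me", 40000, "in")
REPLY_TCP = Packet("tcp", "198.51.100.10", 53, "me", 40001, "in", frozenset({"ACK"}))
UNSOLICITED_UDP = Packet("udp", "203.0.113.7", 53, "me", 5353, "in")

if __name__ == "__main__":
    for name, rules in (("thread", THREAD_RULES), ("fixed", FIXED_RULES)):
        fw = Firewall(rules)
        for pkt in (QUERY_UDP, REPLY_UDP, REPLY_TCP, UNSOLICITED_UDP):
            print(name, pkt.proto, pkt.direction, fw.verdict(pkt))
```

Run as written, the thread's ruleset lets the UDP query out and the TCP reply in but drops the UDP reply at the default deny, which is the behaviour the follow-up e-mail observed; the corrected set admits the UDP reply through `check-state` while still dropping an unsolicited inbound UDP packet from source port 53.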
More information about the freebsd-net mailing list